Closed
Bug 1309690
Opened 7 years ago
Closed 7 years ago
signTextJS plus not working with Firefox 50.0beta due to removal of API getUsagesString from nsIX509Cert
Categories
(Firefox :: Extension Compatibility, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: javier--Lx3u0NnX4Eug3hq7uRufuMOjDIwrH7, Unassigned)
References
Details
(Keywords: regression)
Attachments
(1 file)
363 bytes,
text/html
|
Details |
I have received this bug report (https://github.com/jasp00/signTextJS/issues/1): > Hello, it seems that signTextJS plus 0.8.5 is not working with Firefox > 50.0beta. It gives "TypeError" > (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/Unexpected_type). > Also it is not working with Firefox 51.0a2 (2016-10-09) (32 bits). It gives > "signtextjsplus:Error: Invalid argument" and "signtextjsplus:TypeError: > domWindow.crypto is undefined". I have not tried Firefox beta myself. I do not see anything related in the release notes (https://developer.mozilla.org/en-US/Firefox/Releases/50). Could you confirm if this regression is intended?
I installed the add-on but how to generate/reproduce the error?
Flags: needinfo?(javier--Lx3u0NnX4Eug3hq7uRufuMOjDIwrH7)
Comment 2•7 years ago
|
||
Try to call window.crypto.signText function.
Reporter | ||
Comment 3•7 years ago
|
||
If you have a certificate, load the attached testing page, push the button, and sign the message. The result should display in an alert box.
Flags: needinfo?(javier--Lx3u0NnX4Eug3hq7uRufuMOjDIwrH7)
Reporter | ||
Comment 5•7 years ago
|
||
I guess you could install a self-signed certificate. You may want to try a free certificate instead, such as one from StartCom (https://www.startssl.com/).
SignTextJS also does not work in beta, 50.0b10: https://github.com/mozkeeler/signTextJS/issues/45 This add-on has 88 683 Average Daily Users. It is the only way to use crypto.signText in Firefox to sign content. Please help
Regression range: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=de179cfc917a5b747c1a7559ad08c233e8c419f8&tochange=3d09e38954064b41dbc0a9387b5c5a205bf21e15 David Keeler — bug 1284946 - remove usages-related APIs from nsIX509Cert r=Cykesiopka,Felipe,jcj "remove usages-related APIs from nsIX509Cert nsIX509Cert provided the APIs getUsagesArray, requestUsagesArrayAsync, and getUsagesString." The add-on author needs to update his add-on to use the new API asyncVerifyCertAtTime from nsIX509CertDB. David, any advice?
Summary: signTextJS plus not working with Firefox 50.0beta, related to window.crypto → signTextJS plus not working with Firefox 50.0beta due to removal of API getUsagesString from nsIX509Cert
Javier, could you update your add-on?
Flags: needinfo?(javier--Lx3u0NnX4Eug3hq7uRufuMOjDIwrH7)
(In reply to Loic from comment #7) > The add-on author needs to update his add-on to use the new API > asyncVerifyCertAtTime from nsIX509CertDB. Yep - that's right. Here's what the certificate viewer in Firefox does: https://dxr.mozilla.org/mozilla-central/rev/3f4c3a3cabaf94958834d3a8935adfb4a887942d/security/manager/pki/resources/content/certViewer.js#148 Another option would be to remove the code that does it altogether (as far as I can tell it's just for display purposes).
Flags: needinfo?(dkeeler)
Comment 10•7 years ago
|
||
Hi David, how should we understand you comment? Did you mean that you would fix SignTextJS so that it could sign text in FireFox 50 (https://github.com/mozkeeler/signTextJS/issues/40 and https://github.com/mozkeeler/signTextJS/issues/45)? Or that you will not fix SignTextJS, but that hopefully JSP should fix SignTextJS Plus (https://github.com/jasp00/signTextJS/issues/1) and from FireFox 50 on only SignTextJS Plus would be the only supported extension for signing text?
Comment 11•7 years ago
|
||
bug 1083118 was closed with resolution - "use the addon in the link in the URL field" and the URL was https://addons.mozilla.org/en-US/firefox/addon/signtextjs/ does it mean that now the solution is to use this plugin: https://addons.mozilla.org/en-US/firefox/addon/signtextjs-plus/
Flags: needinfo?(dkeeler)
(In reply to Petko from comment #10) > Hi David, > how should we understand you comment? Did you mean that you would fix > SignTextJS so that it could sign text in FireFox 50 > (https://github.com/mozkeeler/signTextJS/issues/40 and > https://github.com/mozkeeler/signTextJS/issues/45)? > Or that you will not fix SignTextJS, but that hopefully JSP should fix > SignTextJS Plus (https://github.com/jasp00/signTextJS/issues/1) and from > FireFox 50 on only SignTextJS Plus would be the only supported extension for > signing text? Oh, I'm sorry - I thought we were just talking about SignTextJS Plus. SignTextJS is not an officially-supported method of preserving this functionality. It was just a stop-gap measure while websites moved away from the non-standard API. If I have time, I'll update it, but I can't promise anything.
Flags: needinfo?(dkeeler)
Comment 13•7 years ago
|
||
We have an entire insurance company who cannot do business today after their browsers auto-updated. Given that Firefox has yet to deliver an API that performs the job of crypto.signText, we have no option but to remain on crypto.signText in the short term. Please fix this urgently.
Reporter | ||
Comment 14•7 years ago
|
||
Version 0.8.6 works around this bug, and was released November 26. You may wait until the review process is done or download the add-on now (https://addons.mozilla.org/en-US/firefox/addon/signtextjs-plus/versions/0.8.6).
Flags: needinfo?(javier--Lx3u0NnX4Eug3hq7uRufuMOjDIwrH7)
Comment 15•7 years ago
|
||
It appears https://addons.mozilla.org/en-US/firefox/addon/signtextjs-plus/versions/0.8.6 is unsigned?
Comment 16•7 years ago
|
||
(In reply to Graham Leggett from comment #15) > It appears > https://addons.mozilla.org/en-US/firefox/addon/signtextjs-plus/versions/0.8. > 6 is unsigned? Probably because the latest version is too recent, maybe signature is pending.
Comment 17•7 years ago
|
||
How can the code be available for download before the code is signed? Not understanding the workflow here.
Comment 18•7 years ago
|
||
The issue is not about the signature but the review. There are 2 steps when hosting an add-on on AMO: signing and reviewing. You can sign only your add-on and host it in another place, like your own website. signTextJS Version 0.8.6 has been signed but not reviewed.
Comment 20•7 years ago
|
||
The update has passed review on AMO now.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•